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ABSTRACT 



A system and method for selectively controlling database 
access by providing a system and method that allows a 
network administrator or manager to restrict specific system 
users from accessing information from certain public or 
otherwise uncontrolled databases (ie., the WWW and the 
Internet). The invention employs a relational database to 
determine access rights, and this database may be readily 
updated and modified by an administrator. Within this rela- 
tional database specific resource identifiers (i.e v URLs) are 
classified as being in a particular access group. The rela- 
tional database is arranged so that for each user of the system 
a request for a particular resource will only be passed on 
from the local network to a server providing a link to the 
public/uncontrolled database if the resource identifier is in 
an access group for which the user has been assigned 
specific permissions by an administrator. In one preferred 
embodiment, the invention is implemented as part of a proxy 
server within the user's local network. 

23 Claims, 6 Drawing Sheets 
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FIG. 4 
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DOCUMENT URL [ 
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FIG. 5 
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FIG. 6 



DOCUMENT TITLE: [ 
DOCUMENT URL [ 



PHASE INDICATE WHY YOU BELIEVE THE RATING SHOULD 6E CHANGED ON HTTP://ATT.NET/DIR8D0 



SUGGESTED RATING: PnT 



MAIN REASON: [ ZERO VIOLENT CONTENT 
FROM: 



C 



THE RESOURCE PROVIDES A LISTING 
OF TOLL-FREE TELEPHONE NUMBERS 
THAT MAY BE SEARCHED BY 
INDIVIDUAL USTING NAME OR 
GENERAL USTING CATEGORY. THERE 
ARE NO VIOLENT GRAPHICS/TEXT 
WITHIN THE RESOURCE ITSELF. 
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SYSTEM AND METHOD FOR RESTRICTING Naturally, technical solutions such as "firewalls" are also 

USER ACCESS RIGHTS ON THE INTERNET available to limit or impede access to the WWW and 

BASED ON RATING INFORMATION Internet These firewalls are software-based gateways that 

STORED IN A RELATIONAL DATABASE are commonly installed to protect computers on a local area 

___ >t7XT _ ■ 5 network ("LAN") from being attacked by outsiders. One 

CROSS-REFER^O^ TO RELATED effect of installing a firewall is that WWW clients can no 

APPUCAnON longer directly contact WWW servers. Typically, this proves 

This is a continuation-in-part of the U.S. patent applica- too restrictive, and users resort to **proxy servers" that are 

tion Scr. No. 08/469276, filed on Jun. 6, 1995 entitled directly contacted by WWW clients. These proxy servers 

"System And Method For Database Access Administration", 10 have special abilities to forward requests through the 

now abandoned firewall, and thereby provide communication to and from 

TCPuxrrr»Ai tttttt r\ servers on the Internet. For efficiency, a proxy server may 

also cache some resources locally. Current cheats and proxy 

The invention relates to controlling database access and, servers yield access to every public resource in the 

more particularly, to selectively providing such control with 15 WWW — . They are not configured to allow a particular user 

respect to otherwise public databases. to request some resources, while preventing access by that 

BACKGROUND OF THE INVENTION user to o* 3 " resources. 

m - . Some "filtering^ of the available WWW resources may be 

Files or other resources , on computers around the world * £ 

may be made publicly available to users of other computers ^ rT 7 . . . , . 

* -I *T „^17 TT w T: ?u T . * 20 systems an information provider would download resources 

through the collection of networks known as the Internet ' fcU * r\ . * **u n 

ITie Collection of all such publicly available resources. ^ ^ WWW and maintain copies of the resources. Users 

linked together using files written in Hypertext Mark-up WOUld » ccess co ^ ™ e 

Language ("imar), is known as the World Wide Web resources 85 **y arc ***** from * e 

.'^*J^i v and edit out any inappropriate or obscene material prior to 

. ' .. . . j w ^ 25 making the resource available to users. A disadvantage of 

A user of a computer that is connected to the Internet may ^ ^ eme to ^ me n^nal provided by the information 

cause a program Jmown as a client to request resources that idex ^ ou,^^ compare 4 to me original 

are part of the WWW. Server programs then process the resource on the WWW. 

requests to return the specified resources (assuming they are , ' , . „ mm , 

currently available). A standard naming convention has been » to 60 alten,ate scheme of .™ t « ed t0 

adopted, known as a Uniform Resource Locator ("URL"). "sources, a proxy server provides a user with a menu of 

This convention encompasses several types of location a " owed resources *?t may be accessed, and users can 

names, presently including subclasses such as Hypertext obtain any resources that canbe reached by a series of links 

Transport Protocol ("hop"). File Transport Protocol ("ftp"), from *f ™" r « ources - ™« user * ^ t*nwted 

gopher, and Wide Area Information Service ("WAIST). 35 request URLs via this menu. This parocular rnemod has two 

When a resource is downloaded, it may include the URLs of d / sadvarta 8«- Fir5t > «wur« $ must be exdudedfrom 

additional resources. Thus, the user of the client can easily ^ menu ^ « ,ntaln 1 Unks . *° appropriate 

learn of the existence of new resources that he or she had not mat<n * 1 - thou 8h they themselves might be acceptable, 

specifically requested. Second, a resource may change over time to include new 

The various resources accessible via the WWW are ere- 40 ^.j?* to ^P^te material, and thereby 
ated and maintained by many different people on computers ** 0Vl6e auOTWlthan unlnteiKled of aCCeSS to 
around the world, with no centralized control of content As stm another mcthod of "Stew*" access to WWW 
particular types of information or images contained in this resources, the client or proxy server checks each resource for 
uncontrolled information collection may not be suitable for a Ust of fallowed words ( Le - obscenities; sexual terms, 
certain users, it may be desirable to selectively restrict 45 etc.) and shows me usa oidy mosc resources mat are free of 
access to WWW resources. For example, parents or school these words. However, this method does not permit filtering 
teachers might wish to have children access useful of images and does not prohibit resources that might be 
information, but not obscene material (which the children inappropriate due to content other than specific words, 
may be exposed to as a result of innocent exploration of the Yet another means of protecting users from inappropriate 
WWW, or through the incidental downloading of a URL). 50 or obscene materials has been established by the computer 
Another example is the case of school teachers who would and video game manufacturers. The games are voluntarily 
like their students to access just a particular group of rated on the dimensions of violence, nudity/sex, and lan- 
resources during a class meeting. A third example is busi- guage. Although such conventions have not yet been 
nesses that would like their employees to access only adopted in the WWW. the analog would be to add such 
work-related resources, but not to spend their time on other 55 ratings to WWW resources, presumably with digital signa- 
WWW explorations. In general, a particular user might need tures to prevent forgery. A WWW client could then, if so 
to be restricted to different resources at different times, as in programmed, choose not to save or display any resource that 
the case of a student restricted to different sets of resources is unrated or has an unacceptable raring for the given 
during classes on different subjects. audience. The disadvantage of mis scheme is the need to 

Some authorities such as schools ask the users to abide by 60 convince the many people who provide useful servers (often 

a policy statement by which they agree to restrict their on a non-professional or pro bono basis) to coordinate with 

exploration of the WWW. for example, by agreeing not to a rating panel 

download obscene material. However, voluntary compli- All of the present systems for limiting user access to an 
ance with such a policy will not prevent the accidental uncontrolled public database resources, such as those avail- 
downloading of resources that are not readily identifiable as 65 able on the WWW, have obvious shortcomings. Presently, 
forbidden or inappropriate prior to downloading and view- there exists no simple means for an authority (ie.; teacher, 
ing. supervisor, system adnunistrator, etc.) to selectively control 
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WWW access by one or more users, without significantly 
impairing the users* ability to communicate with the Inter- 
net. This is especially true if the particular authority wishing 
to exert such control has few computer skills with respect to 
the management of information/services networks. 5 

SUMMARY OF THE INVENTION 

The present invention overcomes the deficiencies of prior 
schemes for regulating network database access by provid- 
ing a system and method that allows one or more network "> 
administrators/managers to rate particular information and/ 
or services. This rating is then employed to restrict specific 
system users from accessing the information/ services via 
certain public or otherwise uncontrolled databases (i.e., the 
WWW and the Internet). The invention employs a relational 15 
database to determine access rights, and store rating infor- 
mation. The rating information database may be readily 
updated and modified by an adniMstrator/managcr. Within 
this relational database specific resource identifiers (ie. t 
URLs) are classified as being associated with a particular 20 
access rating. The relational database is arranged so that for 
each user of the system a request for a particular resource 
will only be passed on from the local network to a server 
providing a link to the public/uncontrolled database if the 
resource identifier has an access rating for which the user has 25 
been assigned specific permissions by an administrator/ 
manager. In one preferred embodiment, the invention is 
implemented as part of a proxy server within the user's local 
network. In another embodiment, the system maintains a 
ratings resource file associated with each specific resource 30 
identifier, wherein comments, conditions, etc. relating the 
particular resource are stored. 

BRIEF DESCRIPTION OF THE DRAWING 

In the drawing: 35 

FIG. 1 is a simplified diagram of an exemplary system 
embodying the invention; 

FIG. 2 is a simplified diagram of an alternate arrangement 
of the system of FIG. 1 adapted to facilitate the classification 
of URLs into rating groups; 

FIG. 3 is a simplified diagram of an alternate arrangement 
of the system of FIG. 1 including system management 
adaptations; 

FIG. 4 is an illustration of ratings information returned to 45 
a system manager upon retrieval of a particular network 
resource; 

FIG. 5 is an illustration of resource categorization infor- 
mation provided to a network manager; and 

FIG. 6 is an illustration of a ratings editing page acces- so 
sible by a network manager. 

DETAILED DESCRIPTION OF THE 
INVENTION 

FIG. 1 is a simplified diagram of an exemplary system 55 
embodying the invention. A related system is the subject of 
the co-pending, and commonly assigned U.S. patent appli- 
cation Ser. No; 08/469342, entitled "System And Method 
For Database Access Control" which was filed on Jun. 6, 
1995. As shown in FIG. 1, the system includes public 60 
network 100. network resources 101-105, and user site 106. 
Particular users at user site 106 gain access to public 
network 100 via user terminals 107. 108 and 109. Each of 
these user terminals is linked by local area network ("LAN") 
110 to processor 111 within proxy server 112. Finally, proxy 63 
server 112 provides a connection from processor 111 to 
public network 100 via firewall 113. 
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Requests from user terminals 107-109 for access to 
network resources (101-105) through public network 100 
are submitted to processor 111 within proxy server 112. In 
this particular embodiment of the invention, the submitted 
requests are assumed to be in the form of URLs. As is well 
known in art, when URLs are submitted to a proxy server, 
the particular requesting user terminal is identified to the 
proxy server by an identification header attached to the 
URL. For the system shown in FIG. 1, the identification 
code for user terminal 107 is ID 107 , the identification code 
for user terminal 108 is ID l08 . and the identification code for 
user terminal 109 is ID J09 . In addition, within the system of 
FIG. 1, URLs designated as URL 101 , URL 102 , URL 103 , 
URL 104 and URL lQ3 , represent requests for information 
from network resources 101. 102. 103, 104 and 105. respec- 
tively. 

Upon receipt of an incoming URL. processor 111 is 
programmed to determine the identity of the requesting user 
terminal from the URL header. This identification informa- 
tion is then utilized by processor 111 to cross-reference the 
received URL with information stored in relational database 
114. Relational database 114 contains listing 115 which 
associates each of the user identification codes (ED 107 , ID 108 
and ID log ) with a user clearance code (user clearances 107 . 
user dearances loe and user ciearances 109 . respectively). 
These user clearances indicate the particular rating class or 
classes of network resources that a given user terminal is 
allowed to access (Le.; unlimited access; restricted use of 
URLs identified as accessing violent subject matter; 
restricted use of URLs that are identified as accessing 
obscene subject matter; etc). Also contained in relational 
database 114 is listing 116 which includes a register of 
allowable URLs (URL 101 _ 103 ) that may be transmitted from 
a user terminal to access network resources. listing 116 
associates each of these URLs with a particular resource 
rating data (resource rating 10l _ l05 ). The resource rating 
associated with each of said URLs can be something as 
simple as a rating class indicator. For example, an indication 
that a particular URL is approved for use by all users, or that 
use of a particular URL is restricted for some reason (Le.; the 
URL accesses network resources that contain violent or 
obscene subject matter). 

For example, assume mat a system administrator or 
manager had subjectively categorized the network resources 
of FIG. 1 into three classes (non-violent — NV, moderately 
violent — MV, and violent — V) as follows: network resource 
101 — NV, network resource 102 — NV, network resource 
103— NV, network resource 104— MV, and network 
resource 105— V). The URL/resource rating listing 116 
would then contain the following data: 



URL 


Resource Rating 


URL 10 i 


NV 


URL lfla 


NV 


URL 1CD 


NV 


URLkm 


MV 


URL 1Q5 


V 



Further assume that user terminal 107 should be allowed 
access to all network resources (NV, MV and V); that user 
terminal 108 should only be allowed to access NV and MV 
rated resources; and mat user terminal 109 should be 
allowed to access only NV resources. Information reflective 
of these user terminal clearances would be stored within 
listing in 115 as follows; 
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User Identification 


User Clearance 




NV t MV T V 




NV, MV 




NV 



Within the system of FIG. 1, when a requesting user 
terminal transmits a URL via LAN HO, processor HI 
receives the URL and the requesting user terminal identifi- *0 
cation code. Processor 111 then queries listing 115 to deter- 
mine the allowable resource ratings for the particular 
requesting user terminal, and listing 116 to determine the 
resource rating of the network resource that will be accessed 
by the particular received URL. If a URL requesting network 1 5 
resource 101 was received by processor 111 from user 
terminal 107, list 115 and 116 within relational database 114 
would yield information indicating that user terminal 107 
was cleared to access NV, MV and V rated network 
resources, and that URL 10l had a rating of NV. As the rating 20 
of the requested resource was one of the ratings for which 
the requesting user terminal had clearance, processor 111 
would forward the request for information (URL 101 ) to 
public network 100 via firewall 113. Assuming the requested 
resource was available, public network returns the requested 25 
information to user terminal 107 via firewall 113, processor 
111 and LAN 110. Contrastingly, if a URL having a rating 
that the requesting user terminal is not cleared for is received 
by processor 111, that request for information is denied For 
instance, if URL 105 is received by processor 111 from user 30 
terminal 109, relational database 114 is accessed. Since the 
data within listings 115 and 116 show mat URL 1C3 has a 
rating of V, and that user terminal 109 is cleared to access 
only NV rated network resources, processor 111 denies the 
request for information, and no URL is sent to public 33 
network 100. Processor 111 could also be programmed to 
deny all requests from user terminals for un -rated resources. 
This would prohibit the accessing of network resources that 
had not been reviewed or rated by the system administrator/ 
manager. It will also be understood from the above de scrip- 40 
tion of the invention that images contained within a given 
resource (i.e., in-line images) are subject to the same rating 
given to the resource. There would be no need to rate the 
in-line images separately. 

In the particular embodiment described above, relational 45 
database 114 stores a list of user terminal identification 
codes and the various user clearances reflective of the 
ratings of network resources that each user terminal should 
be allowed to retrieve from public network 100. It will be 
understood that the invention could be modified so that the 50 
list of user clearances associated with a given user terminal 
identification code serves as a restrictive list (Le.; that user 
is not allowed to retrieve network resources having that 
rating). This restrictive listing functionality could be readily 
facilitated by reprogramming processor 111. In addition, the 55 
invention could be modified so that the identification codes 
recognized by processor 111 and stored in relational data- 
base 114 are user specific, as opposed to user terrninal 
specific. In other words, the system of FIG. 1 could be 
modified so that a given individual using a terminal is 60 
identified to the system by a personal password or other 
identifying code. Access or denial of the transmission of 
particular URLs is effected by the system as a function of 
that person's identity, regardless of the particular user ter- 
minal they may be utilizing. 65 

The above described system may also be modified so that 
URLs are identified as being in a rating category within the 
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memory structure of a relational database. FIG. 2 provides 
a simplified diagram of a system similar to that of FIG. 1, but 
adapted to facilitate the classification of URLs into rating 
groups. As shown* relational database 200 includes user 
identification code listing 201 and URL listing 202. Listing 
201 designates user identification codes ID t07 and U> 10S as 
being in the user clearance A category, and ID 109 as being in 
the user clearance B category. Upon receipt of an incoming 
URL, processor 111 ascertains the identity of the requesting 
user teiminal from the URL header, and then utilizes this 
identification information to determine the clearance cat- 
egory specified for that particular user within listing 201. 
The particular URL received by processor 111 is then 
cross-referenced with listing 202 to determine the associated 
resource raring category. If the requesting user has a clear- 
ance that corresponds to resource raring associated with the 
requested URL, processor 111 forwards the URL to public 
network 100 via firewall 113. Public network 100 returns the 
requested information to the identified user via firewall 113, 
processor 111 and LAN 110. Contrastingly, if a URL is 
included in a resource rating category for which the request- 
ing user is not cleared, processor 111 denies the request for 
information. 

In addition, the URL rating data within the above 
described systems can include a text listing of the rationale 
upon which a given rating is based, or additional information 
that facilitates more complex conditional rating schemes. As 
an illustration of a conditional rating for a URL assume that 
a the resource rating associated with a particular URL has 
been rated V for violent, and that all the terminals within a 
given school have clearances of NV (no violence). 
Therefore, in general, none of the school terminals would be 
granted use of the V rated URL. However, situations could 
arise that require exception to this general rule. For example, 
a certain terrninal associated with a history class could need 
to access a particular resource that contained violent, but 
relevant information on an historic military battle. To facili- 
tate access to such resources, the relational database rating 
information for the military battle resource would be aug- 
mented to reflect the conditional rating of "NV for user 
terminals located in history classrooms; V for all other 
terminals'*. With this conditional system* history class ter- 
minals would be restricted from all other 'Violent" rated 
URLs, but still be capable of accessing historically 
significant, yet violent, network resources. Conditional 
access could also be granted to terminals or users a function 
of time (i.e.; access limited to certain times of day for certain 
users or user terminals). 

As stated above, the relational databases within the sys- 
tems of FIG. 1 and FIG. 2 contain listings of user/user 
terminal Identification codes and URLs. These listings are 
subjectively categorized or rated to facilitate the selective 
access of otherwise public network resources. This 
categorization/rating was assumed to have been performed 
by a system manager, and is effected by modifying the 
contents of the relational database utilized in practicing the 
invention. Within the system shown in FIG. 3, processor 111 
can be prograrnmed to allow resource categorization infor- 
mation (listing 500) and/or user/user terminal clearance 
information (listing 301) within relational database 302 to be 
modified only by a specific dedicated management terminal 
303. Restricting ability to "write" new information into 
relational database 302 to management terminal 303 mini- 
mizes opportunities for database tampering. Alternately, the 
system can also be configured to permit database modifica- 
tion to be performed from any one of user terminals 107, 108 
or 109. To protect against corruption of the contents of 
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relational database 302. authorization for altering the cod- managers could submit or alter a resource's rating, but the 

tents of relational database 302 from a user terminal is ultimate rating stored in the relation database would be an 

controlled via use of a manager identifier. For example, if a averaging of the submitted ratings, or whatever the majority 

system manager wished to modify relational Humhw 302 of the managers chose as the rating of the particular 

from user terminal 108. he or she would enter a password 5 resource. The relational database utilized in systems facOi- 

identirying themselves as an authorized system manager: taring the invention could also be configured so that infor- 

The password is received by processor 111 and compared mation indicative of allowable resource access is arranged to 

with the contents of manager ID memory listing 304. If the conform to resources that axe configured in a tree structure 

received manager ID password corresponds to one stored in format (such as a hierarchical directory arrangement). Such 

listing 304. then user terminal 108 is identified as a manager 10 a relational database would include a listing of directory 

terniinal (as indicated by ID l08 being stored within listing subdirectory identifiers that could be labeled with a 

304). Modifications to the contents of relational database particular resource rating. The system could be configured 

302 may men be effected from that user terminal. When all so that resources located within a directory or subdirectory 

modifications have been completed, the manager logs off so labeled, would assume the rating of the overall directory/ 

and user terminal 108 returns to standard user terminal status 13 subdirectory. Alternatively, the system could employ a pri- 

(ie., n> 108 is cleared from listing 304). oritized directory/subdirectory rating system. In such a 

With the ever increasing proliferation of information system, a directory would be assigned an overall rating such 

systems in home, school and work environments, it is often ** "^ yr - Particular items or subdirectories within this NV 

the case that the responsibility of T"«n*g*"g information rated directory could then be labeled with specific ratings 

access falls upon one or more individuals that are less than 20 outside of "NV, such as "V**. When a user accessed the NV 

expert with respect to computer or information systems. Any rated directory, all items within it would be assumed to have 

of the above described systems can be implemented in a an NV rating, except those items or subdirectories labeled 

manner that allows a non-expert manager to easily control with some other, more specific and different rating, 

the systems. For example, within the system of FIG. 3, ^ invention claimed is: 

processor 111 can be programmed to provide users recog- 25 1- A system for selectively restricting access to one or 

nized as system managers with an HTML "rating header" rnctre otherwise public information resources, comprising: 

prior to the lead page of each retrieved network resource. If a relational database containing a first stored listing that 

a manager retrieved the AT&T 800 Directory network associates each of a plurality of resource identifiers 

resource via public network 100, the returned information with at least one resource rating, and a second stored 

would be labeled by processor 111 to reflect a non-violent 30 listing that associates each of a plurality of user iden- 

rating (see FIG. 4, note the "NV" designation that precedes tifl cation codes with at least one user clearance rating; 

the retrieved resource — the AT&T 800 Directory). The man- a processor adapted to receive a request for network 

ager may review the reasoning behind the rating by clicking access to one or more particular network resources , said 

on the portion of the HTML rating page labeled "click here". request including a resource identifier and a user iden- 

Tms results in the retrieval from resource categorization 35 tification code, said processor being further adapted to 

information listing 300 of the rationale upon which the NV query said first and second listings within said rela- 

rating was based (see the page shown in FIG. 5). If the tional database, and execute said request for network 

manager wished to disagree with the assigned rating upon access to said one or mere particular network resources 

retrieving the AT&T 800 Directory resource, he or she as a function of the resource rating shown to be 

would click on "If you disagree, click here". This retrieves 40 associated with said received resource identifier within 

rating and rationale information from resource categoriza- said first listing, and the user clearance rating shown to 

don information listing 300, and provides the manager with be associated with said received user identification 

a page that facilitates editing of the rating (see FIG. 6). This code within said second listing, 

page provides the manager with the current rating of the 2. The invention of claim 1 wherein at least one of said 

resource ("NV"), the main reason it was rated as such ("zero 45 one or more particular network resources includes at least 

violent content"), and an area far entering a more detailed one image. 

reason ("The resource consists of telephone listings ..."). 3. The invention of claim 1 wherein said processor is 

Upon completing, or modifying this HTML page, the system programmed to execute said request for access if said 

manager would select "Send Message" and thereby transmit resource rating associated with said received resource iden- 

the page to relational database 302 for storage within listing so tifier within said first listing, corresponds to at least one of 

300. said user clearance ratings associated with said received user 

It will be understood that the particular system and identification code within said second listing, 

method described above is only illustrative of the principles 4. The invention of claim 1 wherein said processor is 

of the present invention, and that various modifications programmed to deny execution of said request for access if 

could be made by those skilled in the art without departing 55 said resource rating associated with said received resource 

from the scope and spirit of the present invention, which is identifier within said first listing, corresponds to at least one 

limited only by the claims that follow. For example, any one of said user clearance ratings associated with said received 

of the above described embodiments could be modified to user identification code within said second listing, 

accept requests from users/user terminals that are in a format 5. The invention of claim 1 wherein said processor is 

other than a URL. The relational database would merely 60 contained within a network proxy server, 

have to be modified to stare sets of information indicative of 6. The invention of claim 1 wherein each of said user 

the particular type of request format being employed, and identification codes identifies one or more terminals adapted 

associated with a particular user class. Yet another modifi- for facilitating network access to one or more particular 

cation would involve the adaptation to a multi-manager network resources. 

environment. In such an environment, network resource 65 7. The invention of claim 1 wherein each of said user 

ratings could be arrived at as a result of voting among a identification codes identifies one or more individuals autho- 

number of system managers. For example, a number of rized to access one or more particular network resources. 
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8. The invention of claim 1 wherein each of said resource with said received user identification code within said 
identifiers corresponds to one or more uniform resource stored listing. 

locators for accessing one or more particular network 14. The method of claim 13 wherein at least one of said 

resources. one ox more particular network resources includes at least 

9. The invention of claim 1 wherein said relational 5 0Ilc Image. 

database further includes a data listing associated with one l 5 - The method of claim 13 wherein the execution of said 

or more of said plurality of resource identifiers, wherein said request for access is performed if said stared listing shows 

data listing represents textual information related to the said »«ived user identification code to be associated with 

resource rating shown to be associated with said one or more * lcast onc , usc 5 ckara ?f corresponding to at least one 

of said plurality of resource identifiers within said first to ^«shown to be associated wim said one or more 

listinc particular network resources. 

71*%^ • . * i ■ ^ . . . . , 16. The method of claim 13 wherein the execution of said 

, !u H claim 1 wherein said relational t ^ 1ot ^ $ i $ teMiSriAMta&*^^ 

database further includes a conditional data listing assoct- r ^ ivc4 user idcntification code to be assorted with at 

ated with one or more of said resource identifiers, wherein lcast one user clearance corresponding to at least one 

said conditional data listing represents information indica- 15 resource rating shown to be associated with said one or more 

tive of specific conditions under which requests for network particular network resources. 

access to particular network resources associated with said n. The method of claim 13 wherein each of said user 

resource identifier can be executed, and wherein said pro- identification codes identifies one or more terminals adapted 

cesser is further adapted to execute said request for network for facilitating network access to one or more particular 

access to said one or more particular network resources as a 20 network resources. 

function of said conditional data listing. 18. The method of claim 13 wherein each of said user 

11. The invention of claim 1 wherein said relational identification codes identifies one or more individuals autho- 

database further comprises a stored listing of at least one rized to access one or more particular network resources, 

system manager identifier, and said processor is adapted to 19- The method of claim 13 wherein each of said resource 

identify a user as a system manager on the basis of said 25 identifiers corresponds to one or more uniform resource 

system manager identifier listing, and thereby permit said locators for accessing said one or more particular network 

identified system manager to modify the contents said resources. 

relational database. 20- The method of claim 13 further comprising the step of 

IX The invention of claim 11 wherein said relational providing a user with access to a data listing within said 

database further comprises a stored listing containing at least 30 relational database wherein said data listing is associated 

one HTML page adapted to facilitate the modification of the w * 0De OT »°« of ^ Plurahty of resource identifiers, and 

contents of said relational database by said identified system ^ d l * u W textual information 

mana ger related to the resource rating shown to be associated with 

13. A 'method for selectively restricting access to one or onc .<f ° f said P luraUtv rf rcsource tenMm 

more otherwise public information resources, comprising 35 s^ 1 stored listing . 

the steps of: 21. The method of claim 13 wherein said relational 

. , , database further comprises a stored listing of at least one 

receiving a request for access to one or more particular m a ^ ^ ^ u ada ^ d to 

inforrn^on resource^ wherem said request includes a idenuf y a user as a system manager on the basis* said 

user identification code and a resource identifier; system Identifier listing, and thereby permit said 

comparing said received request for access tea relational w identified system manager to modify the contents said 

database containing a stored listing of user identifier- relational database. 

tion codes and resource identifiers, wherein each of 22. The invention of claim 1 wherein said plurality of 

said resource identifiers is associated with at least one resource identifiers associated with at least one resource 

resource rating, and wherein each of said user identi- rating m arranged in a hierarchical directory data structure, 

fication codes is associated with at least one user *° 23. The invention of claim 22 wherein said plurality of 

clearance rating; resource identifiers arranged in said hierarchical directory 

executing said request for access as a function of the data structure are associated with more than one resource 

resource rating shown to be associated with said rating, 
received resource identifier within said stored listing, 

and the user clearance rating shown to be associated * * * * * 
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